On 9 May 2013 10:26, James M Snell <jasnell@gmail.com> wrote:
> Recommendation: Adding a short statement that a PROTOCOL_ERROR MUST be
> returned if a frame contains more bytes than what is expressly
> specified in the frame definition.
That would prevent extension unnecessarily. And it doesn't do
anything to improve security.
When you want to harden security, you need to consider what equivalent
options are available to an attacker. If I wanted to send you more
data, then I will use DATA frames. Unless you can find a way to
curtail DATA I see no reason to clamp down here.